[Milton-L] On Mydoom Virus from ISU Tech Staff [Fwd: OUTAGE: Outgoing Email Available]

Carrol Cox cbcox at ilstu.edu
Fri Jan 30 10:29:19 EST 2004


This gives a taste of what the virus/work is doing, and how.

Carrol

-------- Original Message --------
Subject: OUTAGE:  Outgoing Email Available
Date: Fri, 30 Jan 2004 10:13:07 -0600
From: Carla Birckelbaw <crbirck at ILSTU.EDU>
Reply-To: Important ISU network/computer
announcements<NETALERT-L at listserv.ilstu.edu>
To: NETALERT-L at listserv.ilstu.edu

As reported earlier, outgoing email was unavailable temporarily this
morning and users were receiving an "insufficient disk space error" when
attempting to send through smtp.ilstu.edu. This problem was resolved at
approximately 9:00 am.

We believe that this outage is due to the extremely high number of virus
messages being received currently. We received and blocked 60,000
Mydoom.b
alone overnight, and continue to receive thousands per hour today.
Worldwide, it is being reported that Mydoom & Mydoom.b messages now
account
for one in five messages, and is spreading at record speed. Although
@ilstu.edu accounts are being protected by the block, we receive an
extraordinary amount of bounced messages due to the nature of the worms.

The Mydoom worms work like many other mass mailing worms in that they
harvest email addresses from the host computer and use their own STMP
engine to mass mail messages to spread the virus further.  When it does
this, it uses the addresses harvested from the host as the From: 
address.
As other Internet Service Providers and mail servers intercept the
infected
messages, they see an @ilstu.edu address and an ISU IP address as the
originator, and the bounced messages come back here. When they arrive
here,
the central mail server is aware that they don't really come from an
@ilstu.edu address and attempts to send it to the actual originator of
the
message. Each virus message, then, results in multiple messages between
servers and are causing overloads due to the amounts involved increasing
exponentially.

There were enough of these arriving simultaneously overnight as result
of
the worms to completely fill the mail queue on central mail to the point
that it did not have enough memory available to send messages, resulting
in
the SMTP outage this morning. We apologize for any inconvenience caused
by
this outage and will keep you informed of any other issues related to
it.


_____________________________________________________
Carla Birckelbaw
Director, Computer Infrastructure Support Services (CISS)
Illinois State University
154 Julian Hall, Campus Box 3430
Normal, IL 61790-3430
(309) 438-7525



More information about the Milton-L mailing list